CVE-2023-46455

Name of the Vulnerable Software and Affected Versions GL.iNET GL-AR300M version 4.3.7

Description The issue allows an attacker to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. This can potentially lead to unauthorized access and modification of sensitive data on the affected device.

Recommendations For version 4.3.7, consider disabling the OpenVPN client file upload functionality until a patch is available to prevent exploitation through path traversal attacks. Restrict access to the OpenVPN client to minimize the risk of unauthorized file writes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.